diff options
| author | Justin Bogner <mail@justinbogner.com> | 2016-04-12 21:34:24 +0000 |
|---|---|---|
| committer | Justin Bogner <mail@justinbogner.com> | 2016-04-12 21:34:24 +0000 |
| commit | 32ad24d4efae1484a73e91257f8fe3d1c8bcf7be (patch) | |
| tree | c833d7a95790e485208d48491625c13abf2db7a6 | |
| parent | d09ae3bfc5a49a384f283544d43f542aac0ba7b5 (diff) | |
| download | bcm5719-llvm-32ad24d4efae1484a73e91257f8fe3d1c8bcf7be.tar.gz bcm5719-llvm-32ad24d4efae1484a73e91257f8fe3d1c8bcf7be.zip | |
X86: Avoid accessing SDValues after they've been RAUW'd
This fixes two use-after-frees in selectLEA64_32Addr. If matchAddress
matches an ADD with an AND as an operand, and that AND hits one of the
"heroic transforms" that folds masks and shifts, we end up with N
pointing to an SDNode that was deleted. Make sure we're done accessing
it before that.
Found by ASan with the recycling allocator changes in llvm.org/PR26808.
llvm-svn: 266130
| -rw-r--r-- | llvm/lib/Target/X86/X86ISelDAGToDAG.cpp | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/llvm/lib/Target/X86/X86ISelDAGToDAG.cpp b/llvm/lib/Target/X86/X86ISelDAGToDAG.cpp index 4105191147a..54c47011265 100644 --- a/llvm/lib/Target/X86/X86ISelDAGToDAG.cpp +++ b/llvm/lib/Target/X86/X86ISelDAGToDAG.cpp @@ -1574,10 +1574,12 @@ bool X86DAGToDAGISel::selectMOV64Imm32(SDValue N, SDValue &Imm) { bool X86DAGToDAGISel::selectLEA64_32Addr(SDValue N, SDValue &Base, SDValue &Scale, SDValue &Index, SDValue &Disp, SDValue &Segment) { + // Save the debug loc before calling selectLEAAddr, in case it invalidates N. + SDLoc DL(N); + if (!selectLEAAddr(N, Base, Scale, Index, Disp, Segment)) return false; - SDLoc DL(N); RegisterSDNode *RN = dyn_cast<RegisterSDNode>(Base); if (RN && RN->getReg() == 0) Base = CurDAG->getRegister(0, MVT::i64); @@ -1617,6 +1619,10 @@ bool X86DAGToDAGISel::selectLEAAddr(SDValue N, SDValue &Segment) { X86ISelAddressMode AM; + // Save the DL and VT before calling matchAddress, it can invalidate N. + SDLoc DL(N); + MVT VT = N.getSimpleValueType(); + // Set AM.Segment to prevent MatchAddress from using one. LEA doesn't support // segments. SDValue Copy = AM.Segment; @@ -1627,7 +1633,6 @@ bool X86DAGToDAGISel::selectLEAAddr(SDValue N, assert (T == AM.Segment); AM.Segment = Copy; - MVT VT = N.getSimpleValueType(); unsigned Complexity = 0; if (AM.BaseType == X86ISelAddressMode::RegBase) if (AM.Base_Reg.getNode()) @@ -1667,7 +1672,7 @@ bool X86DAGToDAGISel::selectLEAAddr(SDValue N, if (Complexity <= 2) return false; - getAddressOperands(AM, SDLoc(N), Base, Scale, Index, Disp, Segment); + getAddressOperands(AM, DL, Base, Scale, Index, Disp, Segment); return true; } |
